From: Pieter Lexis <pieter.lexis@powerdns.com>
Date: Tue, 20 Dec 2016 15:51:55 +0000 (+0100)
Subject: rec: Cap max-cache-ttl to 15 seconds
X-Git-Tag: rec-4.1.0-alpha1~276^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=63637fd866cc39ac48075586d9e360b4d0e00d4a;p=thirdparty%2Fpdns.git

rec: Cap max-cache-ttl to 15 seconds

Having no cache makes no sense and anything below a few seconds will
lead to SERVFAILs on recursors that have a low query load.

Closes #4634
---

diff --git a/docs/markdown/recursor/settings.md b/docs/markdown/recursor/settings.md
index 95f4b57aa5..c1c41d85f1 100644
--- a/docs/markdown/recursor/settings.md
+++ b/docs/markdown/recursor/settings.md
@@ -584,6 +584,8 @@ for most installations.
 
 Maximum number of seconds to cache an item in the DNS cache, no matter what the
 original TTL specified.
+Since PowerDNS Recursor 4.1.0, the minimum value of this setting is 15.
+i.e. setting this to lower than 15 will make this value 15.
 
 ## `max-mthreads`
 * Integer
diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 16c1146673..565f9242fe 100644
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -2750,7 +2750,7 @@ int serviceMain(int argc, char*argv[])
   SyncRes::s_nopacketcache = ::arg().mustDo("disable-packetcache");
 
   SyncRes::s_maxnegttl=::arg().asNum("max-negative-ttl");
-  SyncRes::s_maxcachettl=::arg().asNum("max-cache-ttl");
+  SyncRes::s_maxcachettl=max(::arg().asNum("max-cache-ttl"), 15);
   SyncRes::s_packetcachettl=::arg().asNum("packetcache-ttl");
   // Cap the packetcache-servfail-ttl to the packetcache-ttl
   uint32_t packetCacheServFailTTL = ::arg().asNum("packetcache-servfail-ttl");